Configuring Calendar Server for Connector for Microsoft Outlook
Sun Java Enterprise System Technical Note
Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A.
Part No: 819–5200, December 2009
Copyright 2009 Sun Microsystems, Inc. All rights reserved.

This technical note describes specific configuration tasks and other considerations for Sun Java System Calendar Server to work with Connector for Microsoft Outlook.

This technical note contains the following sections:

■ Technical Note Revision History
■ Specifying the Required LDAP mail Attribute
■ Setting Up an Alternate Email Address for a User
■ Indexing LDAP Attributes
■ Configuring Shared Calendar LDAP Lookup
■ Enabling Outlook Free/Busy Lookup With Calendar Server
■ Configuring Recurring Events
■ Determining When to Purge the Delete Log Database
■ Accessing Sun Resources Online

Technical Note Revision History

Version   Date             Description of Changes
1.0       February 2006    Initial release of this technical note.
2.0       September 2006   Updated to add Delete Log Database section.
3.0       June 2007        Added information about limited directory browsing to the “Configuring Shared Calendar LDAP Lookup” section.

Specifying the Required LDAP mail Attribute

Calendar Server 6 2004Q2 was the first release to require users to have the LDAP mail attribute for both user calendars and resource calendars.

For clients to use Microsoft Outlook to schedule resource calendars (for example, for meeting rooms or equipment such as a notebook computer or overhead projector), each resource must have an email address, even though email is not actually needed. The LDAP mail attribute specifies this email address.

You can add the LDAP mail attribute as follows:

■ Calendar Server 5 Installation. Before you run the cs5migrate migration utility, add the mail attribute to users for user calendars. To add the mail attribute, use the Calendar Server csattribute utility or a utility such as the Directory Server ldapmodify utility.

  Note – If you are migrating from Calendar Server 5 to the latest version of Calendar Server, you must run the cs5migrate command with the -r option to convert the database in order to comply with the Connector for Microsoft Outlook data model. Consult technical support for information about the cs5migrate utility.

■ New Installation (beginning with Calendar Server 6 2004Q2). Provision the LDAP mail attribute for existing users for both user and resource calendars with the Calendar Server csattribute utility or a utility such as the Directory Server ldapmodify utility.

If you are using Schema 1 and are creating new users or resources after installation, use the following utilities to specify an email address:

■ For new resources: csresource -m
■ For new users: csuser -m

For related information about csattribute, csresource, and csuser, refer to the Sun Java System Calendar Server 6 2005Q4 Administration Guide. For related information about the ldapmodify utility, refer to the Sun Java System Directory Server Resource Kit Tools Reference.

For Schema 2, Communications Services Delegated Administrator is the preferred tool for creating new users and resources after installation. See the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide for information about using Delegated Administrator.

▼ Adding the LDAP email Attribute to a Resource

The following example adds the LDAP mail attribute for a conference room named Room100 on the sesta.com server. This example configures Messaging Server. If you are using another email server, refer to that product’s documentation for the equivalent process.

1. Add the mail attribute to the LDAP server using the csattribute utility:

    ./csattribute -a [email protected] add Room100

2. To check that the attribute has been set, use the csattribute list command with the -v (verbose) option:

    ./csattribute -v list Room100
    ...
    cn=Room 100,ou=conferenceRooms,dc=sesta,dc=com has mail: [email protected]

▼ Setting the bitbucket Channel for Resource Email (Messaging Server)

The following example sets up the bitbucket channel for Messaging Server for the email generated for resource calendars. This example uses a resource named Room100 on the sesta.com server. If you don’t set up the bitbucket channel (or equivalent), you will need to periodically delete the email messages sent to the resource calendar.

1. Ensure the bitbucket channel is defined in the Messaging Server's MTA configuration file (imta.cnf).

2. To direct messages to the bitbucket channel, create the email address for the resource using the csresource utility:

    ./csattribute -a [email protected] add Room100

Note – To enable these changes, you might need to rebuild alias tables or configurations. Refer to the documentation for Messaging Server (or your email product) as well as your site's documentation and procedures regarding changes to mail services.

▼ Setting the bitbucket Channel for Resource Email (Sendmail)

The following example sets up the bitbucket channel for Sendmail for the email generated for resource calendars. This example uses a resource named Room100 on the sesta.com server. If you don’t set up the bitbucket channel (or equivalent), you will need to periodically delete the email messages sent to the resource calendar.

1. In the /etc/aliases file on the appropriate host, add an entry such as:

    # Resource/Conference room aliases
    Room100: /dev/null

2. Add the email address for the resource to the LDAP directory using the csresource utility:

    ./csattribute -a [email protected] add Room100

Setting Up an Alternate Email Address for a User

If you need to set up an email alias for a calendar user, use the LDAP mailalternateaddress attribute. The LDAP mail attribute provides the primary email address. The LDAP mailalternateaddress attribute provides for alternate email addresses for a user. Both attributes map the mail addresses to the user’s ID.

For example, a user named John Smith has these values:

■ User ID (uid): johnsmith
■ Email address: [email protected]
■ Email aliases: [email protected] and [email protected]

To add an email alias or alternate address for John Smith, enter these Calendar Server utility commands:

    # ./csuser -g John -s Smith -y password -l en -m [email protected] \
      -c johnsmith create johnsmith
    # ./csattribute -a [email protected] add johnsmith
    # ./csattribute -a [email protected] add johnsmith

Indexing LDAP Attributes

In order for Connector for Microsoft Outlook to function correctly, the following LDAP attributes in the Sun Java System Directory Server should be indexed for at least presence and equality to improve the overall performance:

■ icsCalendar
■ mail
■ mailalternateaddress

For more information on these attributes, see the Sun Java System Calendar Server 6 2005Q4 Administration Guide and the Sun Java System Messaging Server 6 2005Q4 Administration Guide.

Configuring Shared Calendar LDAP Lookup

If Directory Server requires authentication for the Shared Calendar LDAP lookup, then the service.wcap.userprefs.ldapproxyauth parameter must be set in the ics.conf file as follows:

■ Anonymous binding: service.wcap.userprefs.ldapproxyauth = "no"
■ Authenticated proxy binding: service.wcap.userprefs.ldapproxyauth = "yes"

If service.wcap.userprefs.ldapproxyauth is yes, set the appropriate LDAP ACI for the calmaster entry.

For example, to set the calmaster ACI for proxy authentication for the sesta.com domain, use the ldapmodify tool as follows:

    dn: o=usergroup
    changetype: modify
    add: aci
    aci: (targetattr="icscalendar || cn || givenName || sn || uid || mail")
     (targetfilter=(|(objectClass=icscalendaruser)(objectclass=icscalendarresource)))
     (version 3.0; acl "Allow calendar administrators to proxy product=ics,class=admin,num=2,version=1";
     allow (proxy) groupdn = "ldap:///cn=Calendar Administrators,ou=Groups,o=usergroup";)

For the domain basedn node, the following example shows the correct ACI:

    dn: o=sesta.com,o=usergroup
    changetype: modify
    add: aci
    aci: (targetattr="icscalendar || cn || givenName || sn || uid || mail")
     (targetfilter=(|(objectClass=icscalendaruser)(objectclass=icscalendarresource)))
     (version 3.0; acl "Allow calendar users to read and search other users product=ics,class=admin,num=3,version=1";
     allow (search,read) userdn = "ldap:///uid=*, ou=People, o=sesta.com, o=usergroup";)

If there is no domain, add this ACI to the root suffix itself by removing the o=sesta.com part on the dn: line.

The above ACI may pose a security issue if restricted user information is stored in certain attributes, for example, dn, givenName, sn, uid, or mail.
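
An added example (not part of Sun's technical note) for the concern just raised: it parses ACI values and reports any that grant search or read to a wildcard userdn with no ip or dns bind rule, together with the named attributes that grant exposes. The function names are hypothetical; the sample values are the three ACIs printed in this section, including the IP-restricted form the note gives next, with whitespace normalized.

```python
import re

# Attributes the note names as possibly holding restricted data ("dn" is not
# a targetattr value, so it is left out of this set).
SENSITIVE = {"givenname", "sn", "uid", "mail"}

TARGETATTR = re.compile(r'\(\s*targetattr\s*=\s*"([^"]*)"\s*\)', re.I)
ALLOW = re.compile(r'allow\s*\(([^)]*)\)\s*(.*?);\s*\)\s*$', re.I | re.S)
BIND = re.compile(r'\b(userdn|groupdn|ip|dns)\s*=\s*"([^"]*)"', re.I)


def parse_aci(aci):
    """Split one ACI value into target attributes, rights and bind rules."""
    allow = ALLOW.search(aci.strip())
    if allow is None:
        raise ValueError("no allow (...) clause found")
    attrs = TARGETATTR.search(aci)
    binds = {}
    for key, value in BIND.findall(allow.group(2)):
        binds.setdefault(key.lower(), []).append(value)
    return {
        "attrs": [a.strip().lower() for a in attrs.group(1).split("||")] if attrs else [],
        "rights": {r.strip().lower() for r in allow.group(1).split(",")},
        "binds": binds,
    }


def audit_aci(aci):
    """Flag search/read granted to a wildcard userdn with no ip/dns bind rule."""
    p = parse_aci(aci)
    wildcard = any("*" in dn or dn.lower().endswith(("///anyone", "///all"))
                   for dn in p["binds"].get("userdn", []))
    sources = [ip.strip() for v in p["binds"].get("ip", []) for ip in v.split(",")]
    open_read = (bool(p["rights"] & {"read", "search"}) and wildcard
                 and not sources and "dns" not in p["binds"])
    return {
        "open_read": open_read,
        "exposed": sorted(SENSITIVE.intersection(p["attrs"])) if open_read else [],
        "sources": sources,  # hosts allowed to query; compare with the Calendar Server IPs
    }


# The three ACI values printed in the technical note.
TARGET = ('(targetattr="icscalendar || cn || givenName || sn || uid || mail")'
          '(targetfilter=(|(objectClass=icscalendaruser)'
          '(objectclass=icscalendarresource)))(version 3.0; acl ')
USERS = ('"Allow calendar users to read and search other users '
         'product=ics,class=admin,num=3,version=1"; ')
PROXY_ACI = TARGET + ('"Allow calendar administrators to proxy '
                      'product=ics,class=admin,num=2,version=1"; allow (proxy) groupdn = '
                      '"ldap:///cn=Calendar Administrators,ou=Groups,o=usergroup";)')
DOMAIN_ACI = TARGET + USERS + ('allow (search,read) userdn = '
                               '"ldap:///uid=*, ou=People, o=sesta.com, o=usergroup";)')
RESTRICTED_ACI = TARGET + USERS + (
    'allow (search,read) (ip="192.200.2.82,127.0.0.1,192.200.2.81") and '
    '(userdn="ldap:///uid=*,ou=People,o=sesta.com,o=usergroup");)')

if __name__ == "__main__":
    for name in ("PROXY_ACI", "DOMAIN_ACI", "RESTRICTED_ACI"):
        print(name, audit_aci(globals()[name]))
```

Only the unrestricted domain ACI is flagged; for the restricted form, the returned sources list is what to compare against the addresses of the Calendar Server hosts.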

To restrict the browsing of the directory to only people making the queries from a specific Calendar Server, change the domain basedn ACI to something like:

    aci: (targetattr="icscalendar || cn || givenName || sn || uid || mail")
     (targetfilter=(|(objectClass=icscalendaruser)(objectclass=icscalendarresource)))
     (version 3.0; acl "Allow calendar users to read and search other users product=ics,class=admin,num=3,version=1";
     allow (search,read) (ip="192.200.2.82,127.0.0.1,192.200.2.81") and (userdn="ldap:///uid=*,ou=People,o=sesta.com,o=usergroup");)

The IP addresses listed in the above ACI example (192.200.2.82, 127.0.0.1, and 192.200.2.81) are the IP addresses from which the Calendar Server makes the queries.

The Calendar Server configuration program, csconfigurator.sh, adds these ACIs. If you are upgrading from Java Enterprise System 2003Q4, you must rerun the csconfigurator.sh configuration program to get these updated ACIs.

Enabling Outlook Free/Busy Lookup With Calendar Server

The Microsoft Outlook Free/Busy Lookup option is not supported for users who access Calendar Server in SSL mode. To use both SSL and non-SSL mode for the same Calendar Server instance, users must specify different port numbers, as follows:

■ SSL Mode — To access Calendar Server using SSL, use the SSL port. The default port number is “443” and is set in the ics.conf file by this parameter:

    service.http.ssl.port = "443"

■ Non-SSL Mode — To use the Outlook Free/Busy Lookup option, access Calendar Server using the regular HTTP port. The default port number is “80” and is set in the ics.conf file by this parameter:

    service.http.port = "80"

For information about SSL, refer to Chapter 8, “Configuring SSL,” in Sun Java System Calendar Server 6 2005Q4 Administration Guide.

Configuring Recurring Events

In Outlook, recurring events can be created with no end date.
Calendar Server accepts events with no end date internally, but creates only 60 occurrences by default. Also, free/busy information is only kept up to the number of occurrences kept in the Calendar Server. For example, if you create a daily recurring event at 10:00 am in Outlook and the Calendar Server only keeps up to 60 repeating events, on day 61 the event still appears in Outlook but the 10:00 am time appears as “free” when calculating availability.

The default can be changed to a greater value by editing the calstore.recurrence.bound parameter in the ics.conf file. See “Configuring Calendar Server” in Sun Java System Calendar Server 6 2005Q4 Administration Guide for information about this parameter.

Determining When to Purge the Delete Log Database

Calendar Server includes the Delete Log database (ics50deletelog.db) to store deleted events and todos (tasks). Connector for Microsoft Outlook and other third-party clients make use of the Delete Log database when synchronizing with the Calendar Server. When a sync is performed, the Delete Log database provides Connector for Microsoft Outlook the list of deleted entries, which are then deleted by Connector for Microsoft Outlook.

Administrators have the option (service.admin.purge.deletelog parameter) of setting up Calendar Server to automatically purge the entries in the Delete Log database. The caldb.berkeleydb.purge.deletelog.beforetime parameter specifies a time before which to purge entries in the Delete Log database.

Problems may arise if, for example, service.admin.purge.deletelog is set to yes and caldb.berkeleydb.purge.deletelog.beforetime is set to the default of 518400 seconds (6 days), but a user takes a 14 day vacation. When the user returns from vacation and syncs Connector for Microsoft Outlook with Calendar Server, the Delete Log database contains deleted entries from the last 6 days.
Outlook Connector will not delete those entries which have been purged from the Calendar Server since the previous Connector for Microsoft Outlook sync.

It is recommended that Calendar Server administrators change the parameter to 2592000 (30 days) if Connector for Microsoft Outlook is used as a client. If a 30 day interval does not provide enough time, then administrators should change the parameter to a value that is more appropriate. For example, if employees commonly take 90 day vacations, the parameter should be changed according to the company model.

It is important to take into consideration the size to which the Delete Log database can grow within the time frame that the caldb.berkeleydb.purge.deletelog.beforetime is set. The size can be estimated based upon the number of users, average deleted events per day, and average size of a single Delete Log record. A simple formula of (users x events x record_size) can be used to estimate the size. For example, at a site with 1000 users, where the average number of events deleted per user per day is 20 and the average Delete Log record is 2 bytes, the size of the Delete Log database may potentially grow to 40000 (1000 x 20 x 2) bytes per day and 1200000 bytes in 30 days.

For details about the Delete Log database, see Chapter 18, “Administering the Delete Log Database,” in Sun Java System Calendar Server 6 2005Q4 Administration Guide.

Accessing Sun Resources Online

The following web sites provide information about these additional resources:

■ Documentation (http://www.sun.com/documentation/)
■ Support (http://www.sun.com/support/)
■ Training (http://www.sun.com/training/)

Third-Party Web Site References

Third-party URLs are referenced in this document and provide additional, related information.

Note – Sun is not responsible for the availability of third-party web sites mentioned in this document.
Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods, or services that are available on or through such sites or resources.

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. To share your comments, go to http://docs.sun.com and click Send Comments. In the online form, provide the full document title and part number. The part number is a 7-digit or 9-digit number that can be found on the book's title page or in the document's URL. For example, the part number of this book is 819-5200-10.